Improve the SysReptor update process #489

@aronmolnar

The recommended procedure to update SysReptor is currently to run the update.sh script. This script downloads the docker-compose.yml (in several files) and restarts the docker containers.

A better option would be to allow triggering an update via the web interface. This is, however, difficult to do because the SysReptor app is running in a dedicated Docker container (Docker image), side-by-side with some helper containers (PostgreSQL, Redis, LanguageTool, sometimes Caddy).
We cannot trigger an image pull from within the container, nor do we want to mount the Docker socket into the container (for security reasons). Additionally, the helper containers might change from time to time, which requires the admins to download the new docker-compose.yml, which is currently done by update.sh with each update.

Some options to improve the update process could be:

  1. Allow users to add a cronjob when running the install.sh script
    • SysReptor would then auto-update without user control.
    • Users would rely on this functionality and probably wouldn't recognize if the updates failed.
  2. Running an update service on the host machine
    • This could poll the SysReptor app container if the user requested an update.
    • If yes, it could trigger the update process.
    • It could also push the update states (update pending/started/finished/failed) to the SysReptor app container.
  3. Running an update service as an additional Docker container
    • Like 2. but as a container with mounted Docker socket (reduced security impact, as a compromised SysReptor app container wouldn't have full access to the Docker socket, but could only trigger updates).

Do you see any other options or have inputs?
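
A sketch of the update service from options 2 and 3, added here as an example and not part of the original issue or SysReptor's code: whatever the app container answers is reduced to a single boolean, the command is fixed on the updater's side, and every state (including failure) is pushed back. The `update_requested` field, the `poll`/`report` callables and the script path are assumptions.

```python
"""Added example: narrow-interface update agent (all names hypothetical)."""
import subprocess
from typing import Callable, Optional

# Placeholder path. The command is fixed here and never built from app data.
UPDATE_ARGV = ["/path/to/update.sh"]


def run_update() -> bool:
    """Run the fixed update command without a shell; True on exit code 0."""
    return subprocess.run(UPDATE_ARGV, shell=False, check=False).returncode == 0


class UpdateAgent:
    def __init__(self, poll: Callable[[], object],
                 report: Callable[[str], None],
                 runner: Callable[[], bool] = run_update):
        self.poll = poll      # returns the app container's (untrusted) answer
        self.report = report  # pushes a state string back to the app
        self.runner = runner  # takes no arguments, so nothing can be injected

    def tick(self) -> Optional[str]:
        """One polling cycle; returns the final state or None if idle."""
        answer = self.poll()
        # Only the literal boolean True in the assumed field counts.
        # Extra fields a compromised app might send are never read.
        if not isinstance(answer, dict) or answer.get("update_requested") is not True:
            return None
        self.report("pending")
        self.report("started")
        try:
            ok = self.runner()
        except Exception:
            ok = False  # a crashing update is reported, not silently lost
        state = "finished" if ok else "failed"
        self.report(state)
        return state
```
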

Labels: enhancement (New feature or request), question (Further information is requested)
